Cloud
Disaster recovery
Security
May 11, 2020 By Archana Venkatraman
Barry Brown
Jonathan McCormick
3 min read

Nowadays, cloud services—especially public cloud services—are the launchpad for innovation.

With legacy applications now beginning their cloud-migration journeys, cloud security and data protection response are becoming more complicated.

In fact, 62% of European enterprises operating in multicloud environments said they are looking to switch their data protection architecture because it “lacks features and innovation in new technologies and emerging needs.” Having state-of-the-art encryption capabilities in the cloud as well as complete control of the keys to ensure data protection and compliance are important to these organizations.

As cloud becomes a de facto operating model for mission-critical and modern workloads and as new technologies such as containers become mainstream, it is imperative to modernize security designs and solutions.

Figure: Top cloud data services challenges of today.

Adopting cloud for speed and agility without adapting security framework is a risky strategy

IDC research shows that 93% of organizations have been the target of malware attacks, including ransomware, in the past 12 months, with more than half of those suffering successful attacks and most experiencing multiple attacks. 54% of organizations have suffered an unrecoverable data event in the past three years. Especially in the current context, where most employees are working remotely and trying to access sensitive data, the threats are more significant and require more sophisticated threat and fraud detection.

Whilst innovation and speed of business are key parameters of digital transformation—and the digital importance is increasing day-by-day under current circumstances—IDC firmly believes that to succeed with digital transformation, enterprises must embrace “digital trust.”

IDC predicts that, with the business criticality of digital trust rising, 55% of European spending on security services will be devoted to developing, implementing, and maintaining a ‘trust framework’ by mid-2023.

European enterprises and regulators have a privacy-first and data protection-first approach to cloud adoption. The introduction of new privacy laws, such as the EU GDPR, have become game-changing regulations and brought consideration of storage, use, and protection of personal data front and center. These regulations aim to put privacy and personal data in the control of the consumers, making businesses reassess how they can comply with the new requirements whilst continuing business initiatives. Companies are forced to be more attentive to the security and privacy features in the cloud services.

When investing in cloud technologies, they are assessing how they can build a robust security framework with trust-by-design and security-by-design principles for digital transformation.

The dilemma

Organisations certainly need to comply with data protection regulations, but more importantly, they need to function as businesses and progress their data-driven initiatives to gain a competitive advantage. Security is both an inhibitor and a driver for cloud adoption. How enterprises navigate through the challenges determine their success.

Key security considerations in mitigating cloud risks

  • Shifting security left is a key investment priority related to the application development and deployment platform for 61% of European organizations that IDC surveyed.
  • Integrated data protection for data at rest and in transit are important along with non-disruptive protection of newer environments, such as DevOps environments where data is in use.
  • Data protection should cover modern container environments and enable rollbacks, modern database support, and isolation to facilitate accelerated application delivery.
  • A data protection solution for your cloud environment should offer data encryption, data access control, key management, and certification management. EU GDPR is not prescriptive regarding the technologies required to enable compliance. However, it recommends the implementation of encryption and pseudonymisation as approaches to protect sensitive data and manage risks.
  • Extensive security-related certifications to protect tampering against the Hardware Security Module in the cloud.
  • Another key consideration is data integrity—maintain the accuracy and consistency of the data to ensure that the business is confident about the insights derived from analytics.
  • Data access monitoring—a significant threat comes from internal sources, including disgruntled employees, dishonest employees looking for gain, or just careless employees exposing sensitive data. In fact, malicious insider threats are the third most cited concern, according to IDC. Monitoring data access and looking for anomalies in behaviour can help mitigate internal threat risks, regardless of where the data is located.

About 43% of European organisations are focusing their digital transformation efforts on data capitalisation and data monetisation to create new data-driven revenue streams.  But, in order to achieve this, they need to prioritise privacy and data security, compliance, and information governance as cornerstone initiatives.

IDC data source: “Why are Hybrid and Multicloud Data Services Challenges Intensifying This Year Compared With 2018?

Learn more about IBM public cloud

Listen to this joint IDC & IBM podcast series on public cloud:

Discover the benefits of IBM public cloud and build for free on IBM Cloud.

IDC data source: Why are Hybrid and Multicloud Data Services Challenges Intensifying This Year Compared With 2018?

Was this article helpful?
YesNo
Archana Venkatraman
Associate Research Director, IDC Europe
Barry Brown
Technical Sales Leader, IBM Public Cloud, Europe
Jonathan McCormick
Technical Lead, IBM Public Cloud, Europe

More from Cloud
July 16, 2024

How a US bank modernized its mainframe applications with IBM Consulting and Microsoft Azure

9 min read - As organizations strive to stay ahead of the curve in today's fast-paced digital landscape, mainframe application modernization has emerged as a critical component of any digital transformation strategy. In this blog, we'll discuss the example of a US bank which embarked on a journey to modernize its mainframe applications. This strategic project has helped it to transform into a more modern, flexible and agile business. In looking at the ways in which it approached the problem, you’ll gain insights into…

July 16, 2024

The power of the mainframe and cloud-native applications 

4 min read - Mainframe modernization refers to the process of transforming legacy mainframe systems, applications and infrastructure to align with modern technology and business standards. This process unlocks the power of mainframe systems, enabling organizations to use their existing investments in mainframe technology and capitalize on the benefits of modernization. By modernizing mainframe systems, organizations can improve agility, increase efficiency, reduce costs, and enhance customer experience.  Mainframe modernization empowers organizations to harness the latest technologies and tools, such as cloud computing, artificial intelligence,…

July 16, 2024

Modernize your mainframe applications with Azure

4 min read - Mainframes continue to play a vital role in many businesses' core operations. According to new research from IBM's Institute for Business Value, a significant 7 out of 10 IT executives believe that mainframe-based applications are crucial to their business and technology strategies. However, the rapid pace of digital transformation is forcing companies to modernize across their IT landscape, and as the pace of innovation continuously accelerates, organizations must react and adapt to these changes or risk being left behind. Mainframe…

IBM Newsletters

 Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters